Presentation is loading. Please wait.

Presentation is loading. Please wait.

Management of IT Auditing John Schultz. Define IT – What areas should be considered for inclusion in an IT audit plan? Evaluate IT-related Risk – Doing.

Published byNathan Preston Modified over 8 years ago

Similar presentations

Presentation on theme: "Management of IT Auditing John Schultz. Define IT – What areas should be considered for inclusion in an IT audit plan? Evaluate IT-related Risk – Doing."— Presentation transcript:

1 Management of IT Auditing John Schultz

2 Define IT – What areas should be considered for inclusion in an IT audit plan? Evaluate IT-related Risk – Doing so will help ensure that IT audit procedures and resources are focused on the areas that represent the most risk to the organization. Define the IT Audit Universe – defining the IT audit universe will help effectively balances IT audit needs with resource constraints. Execute IT Audits – how to execute IT audit procedures and how to understand what standards and frameworks exist in the marketplace that can support required procedures. Manage the IT Audit Function – techniques for maximizing the effectiveness of the IT audit function and managing IT audit resources. Address Emerging Issues – IT evolves rapidly. This evolution can introduce significant new risks into an organization.

3 IT Environment

4 IT related Risks Availability – when the system is unavailable for use. Security – when unauthorized access to systems occurs. Integrity – when the data is incomplete or inaccurate. Confidentiality – when information is not kept secret. Effectiveness – when the system does not deliver an intended or expected function. Efficiency – when the systems cause a sub-optimal use of resources.

5 IT Audit Universe Using overly broad definitions for IT audits (e.g. IT general controls) will almost ensure that there will be scope creep in audit procedures. The audit universe for the year should touch on all the layers in the IT environment. IT audits should be structured in such a way as to provide for effective and logical reporting. IT audits should cover the appropriate risks.

6 Executing IT Audits

7 Managing the IT Audit Function Audit Facilitators -Electronic Work papers -Project Management Software -Flowcharting Software -Open Issue Tracking Software -Audit Department Web Site Audit Accelerators -Data Analysis Software -Security Analysis Tools -Network Analysis Tools -Hacking Tools -Application Security Analysis Tools

8 Emerging Issues Wireless Networks Wireless Networks Mobile Devices Mobile Devices Interfaces Interfaces Data Management Data Management Privacy Privacy Segregation of Duties Segregation of Duties Administrative Access Administrative Access Configurable Controls Configurable Controls Piracy Piracy

9 Management of IT Auditing John Schultz

Download ppt "Management of IT Auditing John Schultz. Define IT – What areas should be considered for inclusion in an IT audit plan? Evaluate IT-related Risk – Doing."

Similar presentations

Software Quality Assurance Plan

Software Quality Assurance Plan
CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.
Cloud Computing - clearing the fog Rob Gear 8 th December 2009.

Cloud Computing - clearing the fog Rob Gear 8 th December 2009.
Software Quality Assurance Plan

Software Quality Assurance Plan
Information Technology Control Day IV Afternoon Sessions.

Information Technology Control Day IV Afternoon Sessions.
Audit Guidance Using the Federal Information System Controls Audit Manual (FISCAM) to Achieve Audit Objectives in Financial and Performance Audits Mickie.

Audit Guidance Using the Federal Information System Controls Audit Manual (FISCAM) to Achieve Audit Objectives in Financial and Performance Audits Mickie.
© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 1 - Modern Security Threats.

© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 1 - Modern Security Threats.
Security Controls – What Works

Security Controls – What Works
Chapter 12 Strategies for Managing the Technology Infrastructure.

Chapter 12 Strategies for Managing the Technology Infrastructure.
Robust Tools for Archiving and Preserving Digital Data Joseph JaJa, Mike Smorul, and Mike McGann Institute for Advanced Computer Studies Department of.

Robust Tools for Archiving and Preserving Digital Data Joseph JaJa, Mike Smorul, and Mike McGann Institute for Advanced Computer Studies Department of.
Tools and Services for the Long Term Preservation and Access of Digital Archives Joseph JaJa, Mike Smorul, and Sangchul Song Institute for Advanced Computer.

Tools and Services for the Long Term Preservation and Access of Digital Archives Joseph JaJa, Mike Smorul, and Sangchul Song Institute for Advanced Computer.
COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.

COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.
1 Requirements Analysis and Specification Requirements analysis.

1 Requirements Analysis and Specification Requirements analysis.
Pertemuan 11-12 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
1 Requirements Analysis and Specification Requirements analysis.

1 Requirements Analysis and Specification Requirements analysis.
Measuring the effectiveness of government IT systems Current ANAO initiatives to enhance IT Audit integration and support in delivering Audit outcomes.

Measuring the effectiveness of government IT systems Current ANAO initiatives to enhance IT Audit integration and support in delivering Audit outcomes.
Frequently asked questions about software engineering

Frequently asked questions about software engineering
Change Management Chris Colomb Trish Fullmer Jordan Bloodworth Veronica Beichner.

Change Management Chris Colomb Trish Fullmer Jordan Bloodworth Veronica Beichner.
Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.

Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.
Computer Systems & Architecture Lesson 5 10. Software Product Lines.

Computer Systems & Architecture Lesson Software Product Lines.

Similar presentations

Ads by Google